Master Nginx: Multi-Domain Sites, Auth, Autoindex, and Advanced Proxy Tricks

The article lists several common, useful, and interesting Nginx configurations that you can learn from.

Configure Multiple Domains for One Site

<code>server {
    listen       80;
    server_name  ops-coffee.cn b.ops-coffee.cn;
}
</code>

Use server_name followed by space‑separated domain names.

One Service Hosting Multiple Sites

<code>server {
    listen       80;
    server_name  a.ops-coffee.cn;

    location / {
        root  /home/project/pa;
        index index.html;
    }
}

server {
    listen       80;
    server_name  ops-coffee.cn b.ops-coffee.cn;

    location / {
        root  /home/project/pb;
        index index.html;
    }
}

server {
    listen       80;
    server_name  c.ops-coffee.cn;

    location / {
        root  /home/project/pc;
        index index.html;
    }
}
</code>

Nginx supports three virtual‑host types: IP‑based (requires multiple IPs), port‑based (different ports), and name‑based (most common, as shown above).

Add Basic Authentication

<code>server {
    location / {
        auth_basic "please input user&passwd";
        auth_basic_user_file key/auth.key;
    }
}
</code>

Use a Perl script to generate password hashes:

<code># cat pwd.pl 
#!/usr/bin/perl
use strict;
my $pw=$ARGV[0];
print crypt($pw,$pw)."\n";
</code>

Run it and create the

auth.key

file:

<code># perl pwd.pl ops-coffee.cn
opf8BImqCAXww
# echo "admin:opf8BImqCAXww" > key/auth.key
</code>

Enable Directory Listing

<code>server {
    location download {
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
}
</code>

autoindex_exact_size : on shows exact byte size; off shows rounded KB/MB/GB. autoindex_localtime : on displays server local time instead of GMT.

To force browsers to download files rather than display them, add:

<code>if ($request_filename ~* ^.*\.(txt|pdf|jpg|png)$) {
    add_header Content-Disposition 'attachment';
}
</code>

Configure a Default Site

<code>server {
    listen 80 default;
}
</code>

When multiple virtual hosts exist, Nginx selects the first matching block; if none match, it serves the first server block unless a default is explicitly defined.

Block Access by IP

<code>server {
    listen 80 default;
    server_name _;
    return 404;
}
</code>

This returns 404 for requests that do not match any configured domain, preventing unwanted IP‑based access.

Serve a Verification File Directly

<code>location = /XDFyle6tNA.txt {
    default_type text/plain;
    return 200 'd6296a84657eb275c05c31b10924f6ea';
}
</code>

Useful for services like WeChat that require a specific TXT file for domain verification without actually placing the file on the server.

Configure Upstream Reverse Proxy

<code>http {
    ...
    upstream tomcats {
        server 192.168.106.176 weight=1;
        server 192.168.106.177 weight=1;
    }

    server {
        location /ops-coffee/ {
            proxy_pass http://tomcats;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
</code>

Note the difference between

proxy_pass http://tomcats

(keeps the original URI) and

proxy_pass http://tomcats/

(replaces the matched URI with the upstream’s root).

Enable Keepalive for Upstream

<code>upstream tomcat {
    server ops-coffee.cn:8080;
    keepalive 1024;
}

server {
    location / {
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://tomcat;
    }
}
</code>

Keepalive reduces the overhead of repeatedly establishing TCP connections between Nginx and backend services.

Redirect 404 Errors to Home Page

<code>server {
    location / {
        error_page 404 = @ops-coffee;
    }

    location @ops-coffee {
        rewrite  .*  / permanent;
    }
}
</code>

This configuration sends users to the home page whenever a 404 error occurs.